There will probably be a small logo, a mark, or, commonly, a depiction of a fly.

Pee on that.

There will probably be a small logo, a mark, or, commonly, a depiction of a fly.

Pee on that.

It’s that, plus other factors. The regulations are more lenient, it’s easier to get a more efficient engine in with more mass to work with, it’s easier to pass safety ranking checks, and it’s easier to put comfort features in that consumers want.
Putting a large crumple zone on a compact isn’t as easy as putting one on a giant truck.
(Note this isn’t saying big cars are more or proportionally more efficient , but that the efficiency advances they’ve made over the years are easier to implement in a large engine)

You are correct, but I’m willing to give some leeway for using “unquestionable” as shorthand for “backed by such a remarkable corpus of evidence that for any contradictory hypothesis to seriously call it into question would require a literally unimaginable scope of evidence”.

I think germ theory and gravity are about the only ones I can readily think of. Not relativity based gravity, just… Gravity.

Why?

I use Linux. This means everyday I use software developed by Google, Microsoft, IBM, Oracle, the US military and the NSA.

It doesn’t really matter who developed or contributed so much as who benefits.

I’m not sure that’s right. It’s not like they’re giving money to brave. The library itself isn’t tainted, and using it doesn’t benefit brave or the CEO.

Further, simply supporting a thing doesn’t make that thing a moral proxy for the supporter. That path leads to an infinite regress of bad moral choices with nothing being moral.

Whoah, I never said I wasn’t interested in the exchange, only that I wasn’t interested in the topic.
As someone who’s extremely insistent that it’s grossly improper to make any form of inferences beyond what is literally stated, I’m shocked you would make such a leap!

I think you’re persistently confusing me with someone else. I perfectly understand your point, and have never had any doubt about what you intended to say. I never even disagreed with you on the topic.
I clarified someone else’s point to you, and you started explaining to me how they made unreasonable assumptions, which is what I disappeared with.

Intellectual property laws apply to open and closed source software and developers equally. When you make a statement about legal culpability for an action by one group, it makes sense to assume that statement applies to the other because in the eyes of the law and most people people in context there’s no distinction between them.

No one is unclear that you were only referring to one group anymore. That’s abundantly clear.

My point is that you’re being overly defensive about someone else making a normal assumption about the logic behind your argument. And you’re directing that defensiveness at someone who never even made that assumption.

I’m really not interested in the topic. I’m talking because I explained what someone else meant and you started responding as though that was an opinion or argument I was making.

That’s not “applying the argument consistently”, it’s removing context, overgeneralizing the argument, and applying a strawman based on a twisted version of it.

It’s really not.
It’s not unreasonable for someone to think “developers who use copy written code from AI aren’t liable for infringement” applies to closed source devs as well as open, and to disagree because they don’t like one of those.
It’s perfectly valid for you to also disagree and say the statement shouldn’t apply both ways, but that doesn’t make the other statement somehow a non-sequitor.

Alright. I didn’t see any gotchas or argument, and didn’t make the comment.

That being said, reading the context I assume you’re referring to, it hardly reads like anything more than talking about the implication of the idea you shared.
Disagreeing because applying the argument consistently results in an undesirable outcome isn’t objectionable.

I don’t really see it as a divergence from the topic, since it’s the other side of a developer not being responsible for the code the LLM produces, like you were saying.
In any case, it’s not like conversations can’t drift to adjacent topics.

Besides, closed-source code developers could’ve been stealing open-source code all along. They don’t really need AI to do that.

Yes, but that’s the point of laundering something. Before if you put foss code in your commercial product a human could be deposed in the lawsuit and make it public and then there’s consequences. Now you can openly do so and point at the LLM.

People don’t launder money so they can spend it, they launder money so they can spend it openly.

Regardless, it wasn’t even my comment, I just understood what they were saying and I’ve already replied way out of proportion to how invested I am in the topic.

I believe what they’re referring to is the training of models on open source code, which is then used to generate closed source code.
The break in connection you mention makes it not legally infringement, but now code derived from open source is closed source.

Because of the untested nature of the situation, it’s unclear how it would unfold, likely hinging on how the request was formed.

We have similar precedent with reverse engineering, but the non sentient tool doing it makes it complicated.

That actually makes security much, much worse. It’s training users to make authenticating part of their continuous routine, so when a random site that looks like the login page asks for their password you’re inclined to simply proceed, since diligence has an excessively big time cost.
Same goes for mfa. If validating every request, particularly if you use a service with push based mfa, takes too much effort then people just fulfill the request.

The ideal is that you only authenticate when it’s actually important, as an exceptional circumstance that makes the user pause and make sure things are good. Changing the bank account your pay gets sent to warrants an authentication.
“You’ve been using email for 20 minutes” doesn’t.

Realistically your session should probably be about the length of a workday with a little buffer for people who work a little longer to not end up with 99% of a session sitting open on their laptop. 9-10 hours should be fine.

You want the machine credentials that a laptop uses to talk to the mail server, or the hr software uses to talk to the doobips to have short credentials so if someone hacks the mail server they have a short window to use them, but that doesn’t impact user authentication requirements.

Just for more clarity: they workshoped for ideas on how to improve clarity and accessibility from some editors at an event. They did some small experiments, and they then developed a plan to trial some of them and presented the plan to a wider audience for feedback. After they got feedback they decided not to.

It’s not quite the editors pushing back on Wikipedia. Or rather, it’s not the “rebellion” people want to make it out to be.

https://www.mediawiki.org/wiki/Readers/2024_Reader_and_Donor_Experiences/Content_Discovery/Wikimania_2024,_"Written_by_AI"_How_do_editors_and_machines_collaborate_to_create_content

https://www.mediawiki.org/wiki/Reading/Web/Content_Discovery_Experiments/Simple_Article_Summaries

It rubs me the wrong way when the process going how it should go gets cast as controversial and dramatic. Asking the community if you should do something and listening to them is how it’s supposed to go. It’s not resistance, it’s all of them being on the same team and talking.

Eh, that’s not quite original research. There are plenty of other examples of images and sound files created for Wikipedia. A representative example isn’t research, it’s just indicating what something is.

The Wikipedia article on AI slop and generative AI has a few instances of content that’s representative to illustrate a sourced statement, as opposed to being evidence or something.

It’s similar to the various charts and animations.

Yes, but…

https://en.wikipedia.org/wiki/Wikipedia%3ADatabase_download

That’s because viewing the page uses server resources, as done API access. If you want the data you can download the database directly.

It can totally be fine for your needs, and secure while it does so, and not be two factors.

It’s a question of what’s required for access. In this case, they would need your password and to have had some manner of device access at some point to steal the value used by 1password to verify you at one point had the secret key. Someone with a keylogger from a random untargeted malware infection could plausibly get sufficient information. It’s really good 1 factor.

To be two factor there would need to be a requirement for two factors to be demonstrated at auth time. For example, if 1password encrypted the passkeys in such a way that the passkey could not ever leave the device, like via certain types of hardware backed key storage, then unlocking the vault is proof of something you know, and the usage of the signature is proof you have the chip.
The trickery comes about in the techniques available to move the passkey between encrypted hardware devices without it ever being exposed or loosing the “device you control” assurances.

For the record, I use 1password. Just not for passkeys on desktop. I prefer the Bluetooth connection to my phone, since phones currently do a much better job providing uniform targets for what’s needed to provide the proper two factor for something like passkeys.

There are secure ways to transfer the key that preserve the properties that make it useful as two factors in one.

Basically, the device will only release the key in an encrypted fashion readable by another device able to make the same guarantees, after the user has used that device to authenticate to the first device using the key being transferred.
A backup works the same way.

You can do that without an extension. There’s a bunch of different protocols that let you, for example, use your phone as the authenticator.
You can log in with your phone on a computer you’ve never used before by scanning a QR code and credentials never leave your device.

My passkeys are tied to my phone, which I use via the browser and OS. I keep them in my password manager running on the phone. My password manager supports the open spec for securely migrating credentials between vendors.

It may be difficult to believe but they want you to use them because they’re legitimately significantly better.

Users are silly. They blame Microsoft for bad passwords. They blame Google for forgotten passwords. They blame Facebook when they click on a phishing link. They blame apple when apple “lets” someone who they gave their password to see their pictures. They blame apple when they don’t let the user in just because they forgot their password and every recovery mechanism.

Everyone involved has a significant issue with passwords because they cost them user satisfaction, credibility, or money directly. The reason cross vendor transfer has been slow is because everyone wants to be the leader, since if everyone follows your lead you get to make it work better with your stuff.

That ones because users like choice. They need to look up who you are to know how you’ve chosen to authenticate. At least, that’s how it started. Some could be doing it because the big kids are, but that’s why the big kids do.
And they support choice because businesses want to use their login infrastructure and refuse to share. So you enter “user@businessOrUniversity.com.edu” and it forwards you to your institutional login.